
Cybersecurity Engineer (Term-Limited Appointment)
Sound Transit
The Role
Overview
Design, implement, and manage security solutions, assess risks, and respond to incidents.
Key Responsibilities
- log review
- incident response
- forensic analysis
- vulnerability assessment
- security tooling
- metrics reporting
Tasks
- It is the responsibility of all employees to follow the Agency safety rules, regulations, and procedures pertaining to their assigned duties and responsibilities, which could include systems, operations, and/or other employees.
- Reviews log-based data, both in raw form and utilizing SIEM or aggregation tools.
- Participates in incident response activities; conducts computer and network forensic investigations in support of incident response activities; performs root-cause analysis when incidents occur and prepares incident reports.
- Evaluates any prospective technology solution and system for adherence to documented agency standards, policies, and regulatory responsibilities.
- Position includes on call and weekend and night shifts to support incident response activities.
- Position is responsible for connecting equipment to other equipment mounted above eye level; may be subject to reaching.
- Position is responsible for operating the graphic interfaces for the software applications that display large amounts of data. Numerous data elements are also conveyed in graphical format; may be subject to eye/hand coordination and vision.
- Keeps up to date on latest information security trends, “best practices”, threats, and countermeasures.
- Writing of technical documentation and standards.
- Performs vulnerability assessments and penetration tests of information systems.
- Operates and maintains technologies, systems, and applications used to support security controls and activities.
- Interacts with penetration testers and other external vendors as needed.
- Establishing and maintaining effective working relationships with other department staff, management, vendors, and other stakeholders.
- Interpreting information security policies, standards, and procedures sufficiently to administer, discuss, resolve, and explain them to staff and other constituencies.
- The Agency promotes a safe and healthy work environment and provides appropriate safety and equipment training for all personnel as required.
- Identifies and assesses technology-related risks to information security associated with current and prospective technology solutions; and recommends appropriate mitigating controls.
- Evaluates, implements, and supports security-focused tools and services required to support information security controls.
- Generating metrics and preparing reports to facilitate decision-making on security-related activities.
- Assesses and classifies any identified system vulnerabilities in accordance with pre-defined risk criteria; advises and consults with internal customers on risk assessment, threat modeling, and mitigation of vulnerabilities.
- Conducts regular security reviews of both software and processes. Reviews and creates threat models and recommends security enhancements consistent with information security strategy and evolving threats.
- Utilizing personal computer software programs affecting assigned work and in compiling and preparing spreadsheets and reports.
- Collaborates with other IT engineering and administration disciplines to ensure security best practices are incorporated into design, implementation, operation, and maintenance of systems and services within the agency.
- Assists in promoting a culture of information security at Sound Transit.
- Documenting and explaining risks, recommendations, and incident data to technical and non-technical stakeholders.
Requirements
- CISSP
- CEH
- Azure
- PowerShell
- SIEM
- Forensics
What You Bring
- CEH, CCFP, GCIH (or other GIAC), CCSP, CSA or others that are considered field relevant.
- Strong understanding of Microsoft OS (Server and Workstation) and Linux OS products. MacOS is strongly desirable.
- Modern office procedures, methods, and equipment including computers and computer applications such as word processing, spreadsheets, and statistical databases.
- Scripting skills (e.g., PowerShell).
- Candidate should have excellent time management skills including the ability to prepare, prioritize, and complete work plans.
- Strong understanding of cloud platforms (Azure, AWS).
- Demonstrated skills in conducting forensic analysis of digital evidence, network traffic, managing event analysis/correlation, and related incident investigations.
- Working effectively under pressure, meeting deadlines, and adjusting to changing priorities.
- Ability to work effectively and organize priorities independently.
- Technical skills proficiency in the following areas: security information event management, network protocols (e.g. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols), system administration, malware (propagation, infection, types), intermediate knowledge of network security controls and technologies (proxy, firewall, IDS/IPS, router/switch, open source information collection platforms), cryptography, Microsoft Active Directory, and Microsoft cloud technologies (Azure, M365, Entra).
- Principles of business letter writing and basic report preparation.
- Deep knowledge of security operations: perimeter defense, forensics, incident response, kill chain analysis, risk assessment, and security metrics.
- Strong understanding of internet-facing, web applications.
- In-depth knowledge of security software threats and vulnerability mitigation techniques.
- Results oriented, highly organized, proactive, and self-motivated.
- Working understanding of Operating System architecture as it relates to the functions of the following components: OS kernel, OS kernel modules and device drivers, memory management, inter-process communication, security subsystem, user account rights, user group rights, system logs, I/O functions, network services, file-system permissions, and application interaction with the Operating System.
- English usage, spelling, grammar, and punctuation.
- Experience with the application of threat modeling or other risk identification techniques.
- Responding to inquiries and in effective oral and written communication.
- Ability to self-organize and manage workload and activities.
- Working knowledge of risk-based methodologies and one or more of the following frameworks: ISO 27001/2:2022, PCI-DSS, or NIST 800-53.
- Good knowledge of information security incident handling and investigation procedures.
- Champions and models Sound Transit's core values and demonstrates values-based behaviors in everyday interactions across the agency.
- Certified Information Systems Security Professional (CISSP), or ability to obtain certification within 12 months of employment.
- Relevant experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, and cryptography.
Benefits
- Employee Assistance Program.
- Compensation Practices: We offer competitive salaries based on market rates and internal equity. In addition to compensation and benefits, you’ll find that we provide work-life balance, opportunities for professional development and recognition from your colleagues.
- Health Benefits: We offer two choices of medical plans, a dental plan, and a vision plan all at no cost for employee coverage; comprehensive benefits for employees and eligible dependents, including a spouse or domestic partner.
- Retirement Plans: 401a – 10% of employee contribution with a 12% match by Sound Transit; 457b – up to IRS maximum (employee only contribution).
- Long-Term Disability and Life Insurance.
- Parental Leave: 12 weeks of parental leave for new parents.
- Tuition Reimbursement: Sound Transit will pay up to $5,000 annually for approved tuition expenses.
- Paid Time Off: Employees accrue 25 days of paid time off annually with increases at four, eight and twelve years of service. Employees at the director level and up accrue additional days. We also observe 12 paid holidays and provide up to 2 paid floating holidays and up to 2 paid volunteer days per year.
- Pet Insurance.
- ORCA Card: All full-time employees will receive an ORCA card at no cost.
- Work is performed in a hybrid office and field environment.
The Company
About Sound Transit
- Operates an extensive network of light rail, commuter rail, and bus services across the Seattle metro area.
- Known for its forward-thinking approach to public transit, focusing on connecting communities and reducing traffic congestion.
- Projects include large-scale infrastructure developments, such as the Link light rail extension and Sounder commuter rail improvements.
- Funded by a combination of federal, state, and local funding sources, alongside passenger fares.
- Recognized for its innovative use of technology to enhance ridership experiences and operational efficiency.
- Typical projects include construction of new transit lines, station development, and improving regional transportation networks.
- Expanded its reach in recent years, growing services and infrastructure to meet the needs of a rapidly growing population.
Sector Specialisms
Infrastructure
Transport
Buildings
Residential
Commercial
Heavy Civil
Utilities
Water Resources
Energy
Industrial
Marine
Government
Solar
Wind
Nuclear
